|
|
Home : Advisories : AT&T System V Release 4 /bin/login Vulnerability
| Title: |
AT&T System V Release 4 /bin/login Vulnerability |
| Released by: |
CERT |
| Date: |
23rd May 1991 |
| Printable version: |
Click here |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
CA-91:08
Last Revised: Spetmeber 18,1997
Attached copyright statement
CERT Advisory
May 23, 1991
AT&T System V Release 4 /bin/login Vulnerability
- ---------------------------------------------------------------------------
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a security vulnerability in AT&T's UNIX(r)
System V Release 4 operating system. AT&T is providing a software upgrade
for Release 4 operating system vendors and a patch for AT&T Computer Systems
customers. AT&T has also provided a suggested fix for all Release 4
based systems.
- ---------------------------------------------------------------------------
I. DESCRIPTION:
A security vulnerability exists in /bin/login in AT&T's System V
Release 4 operating system.
II. IMPACT:
System users can gain unauthorized privileges.
III. SOLUTION:
A. AT&T Computer Systems customers
Log into the root account. Change the execution permission on
the file /bin/login.
chmod 500 /bin/login
Contact AT&T Computer Systems at 800-922-0354 to obtain a fix.
The numbers associated with the fix are 156 (3.5" media) and
157 (5.25" media).
International customers should contact their local AT&T
Computer Systems representative.
B. All other System V Release 4 based systems
Log into the root account. Change the execution permission on
the file /bin/login.
chmod 500 /bin/login
Release 4 customers should contact their operating system
supplier for details on the availability of the software
update.
- ---------------------------------------------------------------------------
The CERT/CC would like to thank AT&T for their timely response to our
report of this vulnerability.
- ---------------------------------------------------------------------------
If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline:
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
on call for emergencies during other hours.
Past advisories and other computer security related information are available
for anonymous ftp from the cert.org (192.88.209.5) system.
- -----------------------------------------------------------------------------
Copyright 1991 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.
CERT is registered in the U.S. Patent and Trademark Office.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History
September 18,1997 Attached Copyright Statement
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBOBS9Elr9kb5qlZHQEQJxNwCg5Jcq0Y+WfMy4lI2EaZFmtFG/yosAniO2
DpW4FKfOVUGLXRUPumxMu+dW
=4xPv
-----END PGP SIGNATURE-----
|
